Mooketsi ‘Pop’ Motsisi is a former partner at KPMG

While KPMG was announcing its new executive team on Monday, the Foschini Group announced that it was dropping KPMG as its auditors with immediate effect. This recent announcement by a JSE-listed company to dissociate itself from KPMG is one which should hopefully cause the firm to pause and take stock. Foschini has at least two ex-KPMG partners on its Board of Directors – Anthony Thunstrom, Foschini’s CFO, only left KPMG in 2015, and the second, David Friedland, left in 2013. That these two Directors saw if fit for Foschini to cut ties with the auditing firm is quite telling.

KPMG finds itself in a climate where the South African public is gatvol with the corruption which has become a general malaise in the country. The public is intent on ridding the country of corruption which has seen a variety of State-owned Entities (SoEs) become dysfunctional and directionless. These entities are staffed and managed by hand-picked “deployees” who, through a combination of corruption and incompetence, are slowly driving these entities into the ground. In addition, some of these individuals have wittingly and unwittingly aided the Gupta family in siphoning billions of rand out of the country. The Gupta family is suspected of having looted an estimated R100-billion out of the country. These ill-gotten gains were obtained through corrupt practices involving some of these SoEs.

When the #GuptaLeaks saga came to the fore a few months ago, KPMG denied any wrongdoing. It was only a few weeks ago, however, that they came out with a halfhearted mea culpa which was stage-managed by KPMG International. We saw a few partners get ejected out of the firm with, as we now know, golden parachutes. We also heard that KPMG offered to pay back the R23-million earned from the SARS report which the firm now largely disowns and proffer an additional R40-million, to be offered to charities, presumably as some form of penance. The R63-million is significantly dwarfed by the damage that KPMG’s actions have had on the country’s economy if one considers the cash spirited by the Guptas and the effects that the SARS report has had on capital markets, the economy, and life for the ordinary person on the street. The lame contrition by KPMG falls far short of a firm that is seriously aware of, and willing to accept, the damage that it has caused. The firm is deaf to the calls from various parts of South African society, which include the public, the private sector, and others, to come clean with respect to its actions.

KPMG is taking its time in responding to these calls. It is losing clients almost daily. The announcement of the new executive team will do little, if anything, to assuage concerned parties. It is nothing more than a re-arranging of the deck chairs on a sinking Titanic. KPMG is failing to read the mood of the South African public and respond to it. The performance of its leadership team before Parliament’s Standing Committee on Public Accounts (Scopa) was revealing. It is in this appearance that KPMG confirmed the payments to the ousted partners and where the disturbing revelation was made that KPMG is dragging its feet in supplying the Independent Regulatory Board of Auditors (IRBA) with answers to questions and with documents which have been asked for. The impression that one got from that interaction with Scopa is that KPMG is busy sorting out what documents to provide to IRBA and what documents to hold back. I cannot help but think of the Arthur Andersen saga and what happened there with documents which did not reach the regulators in the United States.

KPMG has a robust set of Risk Management Procedures. Very roughly, they entail the evaluation of prospective clients, the evaluation of prospective engagements, the evaluation of clients if the firm is going to continue with them and the ongoing evaluation of especially large assignments which are executed over lengthy periods. With client acceptance, the evaluation is in the form of several questions about the client, the directors, major shareholders, the size of the entity in terms of revenues and other measures, whether the entity can afford the firm’s fees, and additional questions to do with whether the firm has any potential reputational risk from engaging with the client.

Engagement acceptance entails questions to do with whether the firm has the requisite skills and staff to carry out the work, the potential risks, any potential conflicts of interest, any questions on independence, and whether the firm stands to suffer any reputational damage from doing the work. Large jobs which have a lengthy duration, covering months or even years, are sometimes evaluated mid-stream to make sure that risk is still fairly well managed within the parameters set by the firm and whether there is a need to amend procedures initially agreed on and whether the firm is still performing within budget as far as the engagement is concerned.

For those companies that have been on the firm’s books for many years, the evaluation sets out to determine whether it is still advisable, given changed circumstances and other factors, to continue with serving the client. Last, each individual firm, via KPMG’s global network, is continually tested on the strength and veracity of its risk management by having individual partners, divisions or a whole practice reviewed by independent partners from other KPMG firms, through risk management reviews. These occur on a regular basis.

The responses to questions posed for the evaluation process are entered into an electronic database which is maintained and monitored globally. In a client acceptance and engagement acceptance process, for instance, responses are entered into the database and these are printed out for the engagement partner to inspect the responses and if satisfied, to then sign off on them before they are entered into a file. Once this is done, the engagement team normally does not have any further access to the system. When issues come up during an engagement, which invariably does happen, these issues need to be highlighted and placed on file. When a review takes place, the reviewing partner is provided access to the database and does the review based on what is in the system and against what has been placed on file in respect of either a client or an engagement.

The above is what most practitioners in most firms will be familiar with. It is understandable that nobody at the firm could have known just what sort of clients the Guptas would turn out to be when KPMG initially signed them on as clients in the early 2000s.

What KPMG needs to explain, which it still hasn’t, is the following.

What did the firm do when it became clear that the Guptas were undesirable clients?

That the Guptas were bad news was clear to most people from as early as 2010. There were enough red flags, as KPMG International calls them, to have caused KPMG to re-evaluate its relationship with the Gupta clients all along the way up to and including the Waterkloof airbase saga and the wedding at Sun City.

This all gets back to KPMG’s risk management. Surely, in re-evaluating their relationship with what we now know to have been more than 30 Gupta entities, the partners involved with these companies, the various Heads of Audit over those years, including the entire executive team and the entire board at KPMG, must have had occasion to ask themselves about the wisdom of retaining the Guptas. How did they respond to questions, in terms of their own risk management, which are required to evaluate whether a continued association with the Guptas might expose the firm to reputational risk? It cannot be that they were not aware of the public outcry about the Guptas, especially from 2010 onwards and even after the Gupta wedding in 2013.

KPMG merrily continued to provide services to the Guptas until 2016 when they announced that they were dropping the family. By then, they were not only providing services in Audit, but were also providing services in Tax and Advisory. It cannot be that they suddenly awoke to the reputational risk of doing business with the Guptas in April 2016, quite a few months after the banks started to cut links with Gupta-owned companies. They are either a bunch of ignoramuses at best, or a bunch of greedy and conniving crooks at worst.

Any meaningful review of what happened at KPMG with respect for work done for the Guptas should seek to determine whether KPMG South Africa acted in accordance with KPMG’s global risk management requirements, and if not, why not. This requires an examination of all the files and an assessment of how the relationships with the Guptas were evaluated by KPMG over the years. We are made to believe that Jacques Wessels is the only culprit when it comes to the wrongdoing which was uncovered via the Gupta emails. The Head of Audit, Mike Oddy, has been made to shoulder part of the blame.

Was it just the one company linked to the Gupta wedding which had evidence of malfeasance or were there others? Are the rest of the 30-odd companies clean? On what basis did KPMG initially decide to ditch the Guptas in April 2016? Was it because of this one company or were there issues with the other companies as well? And if there were signs of wrongdoing with respect to some of the Gupta companies what action did, has or is KMPG taking with respect to the partners who continued working with the Guptas despite the warning red flags?

Trevor Hoole and his executive team took office in 2015 when Moses Kgosana stepped down as KPMG’s CEO. The Gupta wedding at Sun City took place in 2013, long before Trevor Hoole and his team took office. It stands to reason that the Guptas were KPMG’s clients right through the duration of Moses Kgosana’s two terms of office. To what extent are he, his executive team and the board members during his two terms to blame for the Gupta saga? The impression that has been created is that KPMG has decided to act only on those issues on which it has been found out and hopes that this will satisfy the public and life can go as before after that. That approach is not working.

A second issue KPMG needs to address as it carries out its investigation is how conflicts of interest and independence were handled when the Tax and Advisory divisions started doing work for the Guptas. Three partners from Tax and Advisory were asked to leave because of the services they provided Gupta-linked companies. What was the nature of the red flags they ignored? Were issues to do with independence ignored, or was it other issues? There is a need for answers to these questions.

Whether KPMG South Africa survives or not, is up to KPMG itself. What the firm needs to come to grips with is that the public will not stand any longer for wishy-washy confessions as was stage-managed by KPMG International. What is expected of KPMG is for the firm to come up with the facts, and soon. That means responding to IRBA’s requests and launching the investigation to be led by independent legal counsel as soon as possible. This is not the time for obfuscation and delaying tactics.

A review process which uncovers all the wrongdoing with actual consequences for the wrongdoers, which include fines and time spent in correctional services, is what needs to happen. There should not be a repeat of sacked partners walking away with bulging pockets. This will not only help assure the public, which includes the private sector, of the firm’s sincerity, but will ensure the survival of the firm. Given what has happened, it is quite possible that the firm which remains will be much smaller than is the case today. Any more delaying to avoid possible sanction will not help. The slow drip, drip, drip of clients as they drop KPMG will continue. This would also be a serious misreading of the mood of the country. What is more important to the public is to save this country, and not auditors and advisers lacking in integrity. DM

Mooketsi ‘Pop’ Motsisi holds an MBA from Durham University, England. From 2002 to 2014 Motsisi served as a partner at KPMG and most of those years were served in the Corporate Finance Business Unit. Motsisi is an independent businessman and is a member of the Directorate of Market Abuse which is a committee of the Financial Services Board.